Research by: Oded Vanun, Dikla Barda and Roman Zaikin DJI is the world’s leader in the civilian drone and aerial imaging technology industry. Besides from consumers, though, it has also taken a large share of the corporate market, with customers coming from…

ZIP File Raider - Burp Extension for ZIP File Payload Testing - destine21/ZIPFileRaider

Bypassing disabled exec functions in PHP via imap_open - Bo0oM/PHP_imap_open_exploit

Metadata reveals what might be contained in the data: the point of it is to make connections and provide context, show relationships and help understand them.

gOSINT is an open source intelligence gathering tool developed in Go programming language.

Security updates available for Flash Player

Feed the tool a .nessus file and it will automatically get you MSF shell - DanMcInerney/msf-autoshell

0 votes and 0 comments so far on Reddit

Get the slides and audio here: https://github.com/gamozolabs/adventures_in_fuzzing
Follow me on Twitter: https://twitter.com/gamozolabs

I gave a talk at NYU about some of the major tools I've worked on over the years and why they came to be.

0 votes and 6 comments so far on Reddit

0 votes and 6 comments so far on Reddit

tl;dr gVisor is Google’s sandboxing technology for containers running less-than-fully-trusted code. It’s a Golang reimplementation of the Linux kernel that r...

Combining manual penetration testing and automated security testing results in a comprehensive and effective approach to safety

The darkening mood within the social-media giant is notable in part because its workforce has been resilient through other difficult patches in the past. That includes the period after the 2016 pre…

This article examines the latest attack vector to surface: using Google Bots. It examines how search engines sue bots to help index websites, explains how such attacks happen and how to counter them. Code samples are included.

This blog post examines how PHP stream wrappers can be used to bypass keyword based blacklists. It includes an examination of the generic functions that can be used to interact with streams, the concept of stream-context and steam filters. It also looks at…

Addressing Shadow IT, legacy and abandoned applications for a holistic risk management program.

0 votes and 1 comment so far on Reddit